The client had been registered with the FCA since 2022 to undertake cryptoasset activities and was looking for an independent compliance auditor with experience working with crypto firms to conduct its first AML audit.
The client selected Thistle given our ongoing experience in the cryptoasset space, including FCA registrations, audits and financial crime advisory projects. Thistle considered the maturity and size of the business, as well as the unique product offering and risk profile, when scoping and conducting the audit.
Thistle met the client to understand the needs (including any requests from partners), audit scope required, products and services, governance, stakeholders and timeframes. The agreed scope was a full AML audit, inclusive of all AML/CTF processes and operations relating to the client’s adherence with the UK Money Laundering Regulations (MLRs), JMLSG and the FCA’s Handbook.
Prior to the audit, an agenda and document request were supplied to the client. The client provided the requested documentation on its AML framework in a timely manner, allowing Thistle to review and analyse quickly. Thistle reviewed the documentation to get an in-depth understanding of the client’s AML infrastructure, including the governance structure and the relevant persons involved in the AML processes.
The audit included interviews with employees responsible for (and participating in) the client’s AML operations. This allowed Thistle to have a clear understanding of the duties and responsibilities of each relevant individual during the AML processes (from initial and ongoing due diligence to fiat and blockchain transaction monitoring and suspicious activity reporting).
The audit also included a review of a sample of client files, allowing Thistle to ensure that all relevant documentation had been collected for customers during onboarding, and on an ongoing basis.
The client was provided with a detailed AML audit report outlining Thistle’s observations and recommendations to improve or strengthen the client’s AML framework. Recommendations were clear and prioritised with a RAG rating methodology.
Thistle utilised its knowledge and experience of cryptoasset firms to assess risks associated with the client’s crypto activity, particularly in terms of transaction monitoring. The client successfully evidenced that it was not only monitoring fiat transactions but also had the appropriate processes and controls in place to monitor crypto transactions occurring on its platform. The client implemented effective blockchain monitoring tools.
Employees at the client were also able to demonstrate through interviews substantial knowledge of the crypto industry – including risks and related controls – which gave Thistle comfort during the audit process.
Overall, the client appreciated that all findings and recommendations were set within the context of a new, cryptoasset firm, whilst remaining in line with regulatory requirements. The client was satisfied with the overall process, its outcome and the report issued by Thistle’s Financial Crime team.
Visit our Financial Crime page for more information on our services.
Contact us on 0207 436 0630 or email info@thistleinitiatives.co.uk.